Hi, I am trying to set up mirror mode on two identical machines. Previously, these two machines were set up as PDC and BDC, using the syncrepl provider and consumer method. All changes are done through the PDC, and will sync to the BDC. We decided to use mirror mode for high availability but are having an issue getting it to work. When I try to create an account, I get an error message regarding smbldap-tools. See below.
Error: shadow context; no update referral at /usr/sbin//smbldap_tools.pm line 1083, <DATA> line 466.
Is there anything in smbldap.conf that I need to change? I made sure that the masters were pointing to each other.
Below is my mirror mode configuration.
Machine 1 - IP Address 192.0.0.201
    ServerID 1
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100
    syncrepl rid=001
        provider=ldap://192.0.0.202:389
        type=refreshAndPersist
        interval=00:00:00:10
        retry="5 5 300 +"
        searchbase="dc=my,dc=domain,dc=com"
        scope=sub
        schemachecking=on
        bindmethod=simple
        binddn="cn=Manager,dc=my,dc=domain,dc=com"
        credentials=mypassword
    mirrormode on
Machine 2 - IP Address 192.0.0.202
    ServerID 2
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 100
    syncrepl rid=001
        provider=ldap://192.0.0.201:389
        type=refreshAndPersist
        interval=00:00:00:10
        retry="5 5 300 +"
        searchbase="dc=my,dc=domain,dc=com"
        scope=sub
        schemachecking=on
        bindmethod=simple
        binddn="cn=Manager,dc=my,dc=domain,dc=com"
        credentials=mypassword
    mirrormode on
Thanks in advance.
--On Wednesday, June 17, 2009 11:17 AM -0700 Ivan Ordonez iordonez@nature.berkeley.edu wrote:
> Hi, I am trying to set up mirror mode on two identical machines. Previously, these two machines were set up as PDC and BDC, using the syncrepl provider and consumer method. All changes are done through the PDC, and will sync to the BDC. We decided to use mirror mode for high availability but are having an issue getting it to work. When I try to create an account, I get an error message regarding smbldap-tools. See below.
> Thanks in advance.
Well, for one question -- What release of OpenLDAP are you using?
Second, have you gotten mirror mode to work without samba in place? I'd make sure you're familiar with the general configuration prior to throwing Samba into the mix.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
I am running openldap version 2.3.43.
There is samba in place. We are using samba with openldap for replication, and using smbldap-tools for managing accounts. I'm not an expert on the configuration but we got it working using syncrepl, provider and consumer type thing.
I'm not sure why smbldap-tools is complaining about a referral when there is no such thing in slapd.
--On Wednesday, June 17, 2009 4:03 PM -0700 Ivan Ordonez iordonez@nature.berkeley.edu wrote:
> I am running openldap version 2.3.43.
I'd suggest you go read the OpenLDAP 2.3 admin guide and man pages then. Because you'd quickly discover that mirror mode didn't get added until OpenLDAP 2.4. :)
--Quanah
Is that right? Thanks for all the help.
I updated to 2.4.16 version and it worked. Thanks a million.
Why is it that when I shut down host1, both openldap and samba stop working on host2? I thought the purpose of mirroring is to have a backup server to take over in case the other fails?
--On Thursday, June 18, 2009 1:21 PM -0700 Ivan Ordonez iordonez@nature.berkeley.edu wrote:
> Why is it that when I shut down host1, both openldap and samba stop working on host2? I thought the purpose of mirroring is to have a backup server to take over in case the other fails?
Depends on how you configured your clients to handle fail over. If you've done it right, it'll happen just like you expect.
--Quanah
Here is our setup and we thought we had it working the way we want but failed when we did the test this morning.
Host1 and Host2 are both configured as PDC by way of samba and using UCARP at the same time. We tested UCARP, and could see that it is working fine. I configured openldap for mirror mode and things are working as expected. I can add machine, user to the domain without any issue. We can access shared drive without any issue as well. I can make changes using smbldap tools in node2 and the changes are clearly seen on node1 and vice versa.
I decided to shut down one of the machines just to see if the failover will work and to my surprise, it did not.
Can someone please advise? What changes do I need to do on the client machines? Anything I need to do on node1 and node2? Maybe instead of having two PDC inside UCARP, make a PDC and BDC instead?
Any advice is greatly appreciated. Thanks in advance.
On Thursday 18 June 2009 23:00:25 Ivan Ordonez wrote:
> Here is our setup and we thought we had it working the way we want but failed when we did the test this morning.
> Host1 and Host2 are both configured as PDC by way of samba and using UCARP at the same time.
There is no need for this from the samba perspective. The difference between PDC and BDC is really just which one is talking to an LDAP server that will accept writes ... you can in theory have multiple "PDC"s that talk to one LDAP master. Regardless, you shouldn't use UCARP here IMHO.
> We tested UCARP, and could see that it is working fine. I configured openldap for mirror mode
With 2.3?
> and things are working as expected.
Are you sure? How did you test?
> I can add machine, user to the domain without any issue.
You can do this without mirrormode, as samba chases referrals ...
> We can access shared drive without any issue as well. I can make changes using smbldap tools in node2 and the changes are clearly seen on node1 and vice versa.
> I decided to shut down one of the machines just to see if the failover will work and to my surprise, it did not.
What worked, and what did not? What error messages did you get?
> Can someone please advise? What changes do I need to do on the client machines?
None.
> Anything I need to do on node1 and node2?
Can't tell, since you don't provide any detail of the configuration, and we have to guess from your incomplete statements what you have done.
> Maybe instead of having two PDC inside UCARP, make a PDC and BDC instead?
> Any advice is greatly appreciated. Thanks in advance.
Ensure that all your LDAP client software (nss_ldap if you use it, pam_ldap if you use it, samba etc.) is configured to fail over to both the real hosts (so, if they don't need writes, they have a better chance of getting read-only requests answered, even if ucarp is not running etc.), and if you have any software that does a lot of writes, then point that at the UCARP address, which you should only use for LDAP (I would recommend that you don't make samba available on the UCARP address, unless you have ctdb in place with a shared filesystem between the two, otherwise you are lying to the clients).
Ensure that nss_ldap configuration is correct to allow failover (look at bind_policy, nss_reconnect_tries, nss_reconnect_sleeptime, nss_reconnect_maxsleeptime, nss_reconnect_maxconntries options)
I note that you may be able to get better answers on the samba-specific parts of your problem on the samba lists.
Regards, Buchan
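The client-side failover settings named in the reply above, written out as an added example that is not part of the original thread: an nss_ldap/pam_ldap ldap.conf that lists both real servers from the first post, followed by the matching Samba line. The file path and the timeout and retry values are illustrative assumptions, not values given by anyone in the thread.

```conf
# /etc/ldap.conf for nss_ldap / pam_ldap (path varies by distribution; assumed here).
# Added example: server addresses and base DN are taken from the first post,
# every numeric value below is an assumption chosen for illustration.

# List BOTH real hosts, not only a virtual IP, so read-only lookups are
# still answered when one node (or the virtual IP) is down.
uri ldap://192.0.0.201/ ldap://192.0.0.202/
base dc=my,dc=domain,dc=com

# Seconds to wait for a connect/bind before giving up on a server.
bind_timelimit 5
# Seconds to wait for a search to complete.
timelimit 10

# Reconnect policy:
#   hard (hard_open) : reconnect with exponential backoff if opening fails
#   soft             : return immediately on server failure
bind_policy hard

# Bound the backoff used by the "hard" policy so a dead server
# cannot stall logins and name lookups for long.
nss_reconnect_maxconntries 2   # connection tries before sleeping
nss_reconnect_sleeptime 1      # initial sleep, in seconds
nss_reconnect_tries 2          # number of times to double the sleep time
nss_reconnect_maxsleeptime 4   # cap on the sleep time, in seconds

# smb.conf, [global] section (shown as a comment because it is a different file):
# Samba accepts several LDAP URIs inside double quotes.
#   passdb backend = ldapsam:"ldap://192.0.0.201 ldap://192.0.0.202"
```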
You'll probably want to implement a high availability service like Linux-HA to handle keeping an active IP pointing to the last functional server... then point your clients to it instead of the individual IPs of the servers.
That is how UCARP works. It is using a virtual IP, which the clients are pointing to but no luck. UCARP is smart enough to know which server is the master or backup.